Splunk Search

Display table issue

samlinsongguo
Communicator

Currently I have a table generate by my query as below
query: index=a | stats count by name code signature

name    code signature  count
host1   111 aaaaaaa         34
host1   222 bbbbbb          25
host1   333 cccccccc             7
host2   111 aaaaaaa         26
host2   222 bbbbbb          98
host2   333 cccccccc            75

is there a way to make the table display like below, which only display the hostname once.

name    code signature  count
host1   111 aaaaaaa         34
        222 bbbbbb          25
        333 cccccccc             7
host2   111 aaaaaaa         26
         222    bbbbbb          98
         333    cccccccc         75

Thanks in advance.

Tags (2)
0 Karma
1 Solution

tiagofbmm
Influencer

Hey

Try this please

index=yourindex
| stats count as C by code,signature, name 
| stats list(signature), list(code), list(C) by name

View solution in original post

logloganathan
Motivator

answer provided by tiagofbmm exactly correct but answer not accepted by you
this is not fair.
people spending time for this. you should honor

0 Karma

ppablo
Retired

Hi @logloganathan

Please be mindful that not everyone has the same schedule and time to review things consistently on Splunk Answers, especially going into the weekend when people are not as focused on tasks related to work. This is a community forum where people spend their available free time when possible which is very much appreciated every day. Please allow users enough time to respond to posts in the future.

If a user does not follow up after 3-5 business days, then I think it's appropriate to simply comment on the question "Did the answer below solve your issue? If yes, please accept the answer to resolve the post. If not, please comment with more details for the community to help troubleshoot further". Setting a constructive, positive tone to promote engagement will be more beneficial than making people feel pressured when they are doing the best they can.

samlinsongguo
Communicator

@logloganathan Dude come down. I did not have a chance to look at his answer until now, it is not like I have to accept an correct answer next mins it posted right? People have life man

0 Karma

tiagofbmm
Influencer

Hey

Try this please

index=yourindex
| stats count as C by code,signature, name 
| stats list(signature), list(code), list(C) by name

samlinsongguo
Communicator

Hi Tiagofbmm
Thank you for your advice. Sorry for the late accept, I did not look at my email until now.
Cheers
Sam

0 Karma

logloganathan
Motivator

correct answer...thanks for helping!!

0 Karma

tiagofbmm
Influencer

@logloganathan an upvote is always welcome

0 Karma

tiagofbmm
Influencer

@samlinsongguo if the answer is correct, please accept and upvote it

0 Karma

p_gurav
Champion

Didi you try:

| stats count values(code) values(signature) by name 
0 Karma

samlinsongguo
Communicator

it will give you a sum of the total event host1 has like below
host1 65 111 aaaaaaa
222 bbbbbb

333 cccccccc

host2 125 111 aaaaaaa

222 bbbbbb

333 cccccccc

but I still want to know each individual code count

0 Karma
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...